""" 員工生命週期管理 API 觸發員工到職、離職自動化流程 """ from fastapi import APIRouter, Depends, HTTPException, status from sqlalchemy.orm import Session from app.db.session import get_db from app.models.employee import Employee from app.services.employee_lifecycle import get_employee_lifecycle_service router = APIRouter() @router.post("/employees/{employee_id}/onboard") async def onboard_employee( employee_id: int, create_keycloak: bool = True, create_email: bool = True, create_drive: bool = True, db: Session = Depends(get_db), ): """ 觸發員工到職流程 自動執行: - 建立 Keycloak SSO 帳號 - 建立主要郵件帳號 - 建立雲端硬碟帳號 (Drive Service,非致命) 參數: - create_keycloak: 是否建立 Keycloak 帳號 (預設: True) - create_email: 是否建立郵件帳號 (預設: True) - create_drive: 是否建立雲端硬碟帳號 (預設: True,Drive Service 未上線時自動跳過) """ employee = db.query(Employee).filter(Employee.id == employee_id).first() if not employee: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=f"員工 ID {employee_id} 不存在" ) if employee.status != "active": raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail=f"只能為在職員工執行到職流程 (目前狀態: {employee.status})" ) lifecycle_service = get_employee_lifecycle_service() results = await lifecycle_service.onboard_employee( db=db, employee=employee, create_keycloak=create_keycloak, create_email=create_email, create_drive=create_drive, ) return { "message": "員工到職流程已觸發", "employee": { "id": employee.id, "employee_id": employee.employee_id, "legal_name": employee.legal_name, }, "results": results, } @router.post("/employees/{employee_id}/offboard") async def offboard_employee( employee_id: int, disable_keycloak: bool = True, email_handling: str = "forward", # "forward" 或 "disable" disable_drive: bool = True, db: Session = Depends(get_db), ): """ 觸發員工離職流程 自動執行: - 停用 Keycloak SSO 帳號 - 處理郵件帳號 (轉發或停用) - 停用雲端硬碟帳號 (Drive Service,非致命) 參數: - disable_keycloak: 是否停用 Keycloak 帳號 (預設: True) - email_handling: 郵件處理方式 "forward" 或 "disable" (預設: forward) - disable_drive: 是否停用雲端硬碟帳號 (預設: True,Drive Service 未上線時自動跳過) """ employee = db.query(Employee).filter(Employee.id == employee_id).first() if not employee: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=f"員工 ID {employee_id} 不存在" ) if email_handling not in ["forward", "disable"]: raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="email_handling 必須是 'forward' 或 'disable'" ) lifecycle_service = get_employee_lifecycle_service() results = await lifecycle_service.offboard_employee( db=db, employee=employee, disable_keycloak=disable_keycloak, handle_email=email_handling, disable_drive=disable_drive, ) # 將員工狀態設為離職 employee.status = "terminated" db.commit() return { "message": "員工離職流程已觸發", "employee": { "id": employee.id, "employee_id": employee.employee_id, "legal_name": employee.legal_name, }, "results": results, } @router.get("/employees/{employee_id}/lifecycle-status") async def get_lifecycle_status( employee_id: int, db: Session = Depends(get_db), ): """ 查詢員工的生命週期狀態 回傳: - Keycloak 帳號狀態 - 郵件帳號狀態 - 雲端硬碟帳號狀態 (Drive Service) """ employee = db.query(Employee).filter(Employee.id == employee_id).first() if not employee: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=f"員工 ID {employee_id} 不存在" ) # TODO: 實際查詢各系統的帳號狀態 return { "employee": { "id": employee.id, "employee_id": employee.employee_id, "legal_name": employee.legal_name, "status": employee.status, }, "systems": { "keycloak": { "has_account": False, "is_enabled": False, "message": "尚未整合 Keycloak API", }, "email": { "has_account": False, "email_address": f"{employee.username_base}@porscheworld.tw", "message": "尚未整合 MailPlus API", }, "drive": { "has_account": False, "drive_url": "https://drive.ease.taipei", "message": "Drive Service 尚未上線", }, }, }